As we have a single presentation track, please bear in mind that
speaking slots are limited to one hour. While presenters typically
divide the hour into separate presentation and Q&A sessions, you may
structure your time however you see fit. If you think your
presentation will run longer, or have any special requirements, please
include this information in your submission and we will do our best to
accommodate you.
Note: If the presentation is based upon code or a particular
technique, the presenter must be one of the developers of the code or
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A logic flaw has been found in the way .NET grants permissions to
ClickOnce applications. Combined with relaxed security warnings when
handling OLE Packages in Office 2007, it allows attackers to run
arbitrary .NET assemblies with Full Trust permissions.
------------------------------------------------------------------------
See also
------------------------------------------------------------------------
> ANY FORM FOR THE INFORMATION CONTAINED WITHIN OR THE CONSEQUENCES OF ITS
> USE OR MISUSE.
>
> Synopsis:
> Most current installations of PHP set up to run via FastCGI with suexec
> are vulnerable to a local exploit, where anyone with the ability to run
> code as the user the webserver runs as can gain access as any user with
> an account set up to run PHP. It is anticipated that this issue will
> especially affect shared web hosts who use FastCGI + suexec thinking it
> will give them additional security.
> Martijn Vernooij (tinus win tue nl) wrote
> On Wed, 11 Feb 2009 security.432 (at) amxl (dot) com [email concealed] wrote:
> > => The attacker must be able to run code as the same user that the
> > webserver runs as. This is unlikely to be a problem for many local
> > attackers, because there are a multitude of possible attack vectors,
> > such as SSI, non-suexec CGI scripts, non-suexec PHP (if mod_php is also
> > installed), and likely numerous other options.
>
> Once the attacker can run code as the same user the webserver runs as, he
> can make the webserver do whatever he wants. He can just 'debug' the
Potential Security Impact: Please check the table below
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
References: MS08-056 (CVE-2008-4020),
MS08-057 (CVE-2008-3471, CVE-2008-3477, CVE-2008-4019),
MS08-058 (CVE-2008-2947, CVE-2008-3472, CVE-2008-3473, CVE-2008-3474, CVE-2008-3475, CVE-2008-3476),
MS08-059 (CVE-2008-3466),
Potential Security Impact: Please check the table below
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
References: MS08-041 (CVE-2008-2463),
MS08-042 (CVE-2008-2244),
MS08-043 (CVE-2008-3003, CVE-2008-3004, CVE-2008-3005, CVE-2008-3006),
MS08-044 (CVE-2008-3018, CVE-2008-3019, CVE-2008-3020, CVE-2008-3021, CVE-2008-3460),
Potential Security Impact: Please check the table below
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
References: MS08-003, MS08-004, MS08-005, MS08-006, MS08-007, MS08-008, MS08-009, MS08-010, MS08-011, MS08-012, MS08-013.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Storage Management Appliance v2.1 Software running on:
Debasis Mohanty wrote:
> No offence intended but if you take a little more effort of validating your
> work before posting publicly then you can save yourself from embarrassment.
>
> I don't see anything in the script that can bypass zone security and run
> successfully from internet zone. I am sure you have tested it locally and
> drawn conclusion that the script can execute from internet zone. To test the
> script from internet zone, you need to upload it to a webserver and try
> accessing via browser.
>
To exploit the vulnerability repeat the following steps:
1. copy msf_smb_weak_nonce.rb to
<METASPLOIT_DIR>/modules/exploits/windows/smb
2. Run setup_smb_weak_nonce.rb specifying the IP of the victim (e.g.:
ruby setup_smb_weak_nonce.rb 192.168.10.1). After collecting the nonces
the script will listen on port 445 for incoming SMB connections.
3. Run Internet Explorer and load 'conn.html'. This will produce 1000+
connections to the SMB server implemented by setup_smb_weak_nonce.rb.
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Thunderbird could be made to run programs as your login if it opened
specially crafted mail.
Software Description:
- thunderbird: mail/news client with RSS and integrated spam filter support
- Ubuntu 11.04
Summary:
Thunderbird could be made to run programs as your login if it opened
specially crafted mail.
Software Description:
- thunderbird: mail/news client with RSS and integrated spam filter support
DISCLAIMER: THIS SECURITY ADVISORY IS PROVIDED AS-IS, AND WITHOUT ANY GUARANTEE OF ANY KIND THAT THE INFORMATION IS ACCURATE, OR THAT THE WORKAROUND, SOLUTIONS, OR PATCHES PROVIDED WILL PROTECT SYSTEMS, OR THAT THEY WILL NOT CREATE NEW PROBLEMS. THE AUTHOR ACCEPTS NO LIABILITY OF ANY FORM FOR THE INFORMATION CONTAINED WITHIN OR THE CONSEQUENCES OF ITS USE OR MISUSE.
Synopsis:
Most current installations of PHP set up to run via FastCGI with suexec are vulnerable to a local exploit, where anyone with the ability to run code as the user the webserver runs as can gain access as any user with an account set up to run PHP. It is anticipated that this issue will especially affect shared web hosts who use FastCGI + suexec thinking it will give them additional security.
Conditions for exploitation:
=> PHP needs to be used via CGI or FastCGI.
=> The system must be set up to use suexec (rather than, say, having PHP run as an external FastCGI server).
=> The attacker must be able to run code as the same user that the webserver runs as. This is unlikely to be a problem for many local attackers, because there are a multitude of possible attack vectors, such as SSI, non-suexec CGI scripts, non-suexec PHP (if mod_php is also installed), and likely numerous other options.
=> Depending on the configuration, setting an open_basedir might protect an installation. However, this only applies if open_basedir is set, php-cgi is not installed directly into the web space, but is instead called from a script which doesn't pass any parameters from the script command line.
The following sections provide details on the versions of Cisco ASA
that are affected by each vulnerability.
The show version command-line interface (CLI) command can be used to
determine if a vulnerable version of the Cisco PIX or Cisco ASA
software is running. The following example shows a Cisco ASA device
that runs software release 8.0(2):
ASA# show version
Cisco Adaptive Security Appliance Software Version 8.0(2)
Potential Security Impact: Please check the table below
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
References: MS07-042, MS07-043, MS07-044, MS07-045, MS07-046, MS07-047, MS07-048, MS07-049, MS07-050.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Storage Management Appliance v2.1 Software running on:
==========================================================================
Ubuntu Security Notice USN-1112-1
April 29, 2011
firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
Potential Security Impact: Please check the table below
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
References: MS08-070 (CVE-2008-3704, CVE-2008-4252, CVE-2008-4253, CVE-2008-4254, CVE-2008-4255, CVE-2008-4256),
MS08-071 (CVE-2008-2249, CVE-2008-3465),
MS08-072 (CVE-2008-4024, CVE-2008-4025, CVE-2008-4026, CVE-2008-4027, CVE-2008-4028, CVE-2008-4030, CVE-2008-4031, CVE-2008-4837),
MS08-073 (CVE-2008-4258, CVE-2008-4259, CVE-2008-4260, CVE-2008-4261),
Executive Summary
-----------------
Unprivileged local users can obtain root access on Unix systems where
the DISA SRR scripts are run. If a remote user can introduce a file
into the filesystem (e.g. anonymous ftp, http upload, cdrom, samba
share, etc.), root access may be obtained by remote, and potentially
anonymous, users.
Software Description
Potential Security Impact: Please check the table below
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
References: MS08-018, MS08-019, MS08-020, MS08-021, MS08-022, MS08-023, MS08-024, MS08-025.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Storage Management Appliance v2.1 Software running on:
a. Setting ActiveX killbit
Starting from this release, VMware has set the killbit on its
ActiveX controls. Setting the killbit ensures that ActiveX
controls cannot run in Internet Explorer (IE), and avoids
security issues involving ActiveX controls in IE. See the
Microsoft KB article 240797 and the related references on this
topic.
Security vulnerabilities have been reported for ActiveX controls
Potential Security Impact: Please check the table below
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
References: MS08-030 (CVE-2008-1453), MS08-031 (CVE-2008-1442, CVE-2008-1544), MS08-032 (CVE-2007-0675), MS08-033 (CVE-2008-0011, CVE-2008-1444), MS08-034 (CVE-2008-1451), MS08-035 (CVE-2008-1445), MS08-036 (CVE-2008-1440, CVE-2008-1441).
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Storage Management Appliance v2.1 Software running on:
Potential Security Impact: Please check the table below
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
References: MS07-063, MS07-064, MS07-065, MS07-066, MS07-067, MS07-068, MS07-069.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Storage Management Appliance v2.1 Software running on:
===========================================================
Ubuntu Security Notice USN-975-1 September 08, 2010
firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities
CVE-2010-2760, CVE-2010-2762, CVE-2010-2764, CVE-2010-2765,
CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769,
CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
===========================================================
A security issue affects the following Ubuntu releases:
all the necessary changes.
Details follow:
Several dangling pointer vulnerabilities were discovered in Thunderbird. An
attacker could exploit this to crash Thunderbird or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,
CVE-2010-3167)
It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper
did not always honor the same-origin policy. If JavaScript was enabled, an
We apologize for the inconvenience.
Original advisory details:
Several dangling pointer vulnerabilities were discovered in Thunderbird. An
attacker could exploit this to crash Thunderbird or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2760, CVE-2010-2767,
CVE-2010-3167)
It was discovered that the XPCSafeJSObjectWrapper (SJOW) security wrapper
did not always honor the same-origin policy. If JavaScript was enabled, an
===========================================================
Ubuntu Security Notice USN-975-2 September 16, 2010
firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 regression
https://launchpad.net/bugs/640839
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 9.04
to verify that ZoneAlarm is working and blocking these.
Step-by-step illustration
1) Firstly make a backup copy of the "Run" key (i.e. Runs).
NOTE: This step is actually not required, however, will look less suspicious
in the Task Manager. You could in fact just execute steps (2) and (5) & (6) if
you wish.
number conversion routines. Using this vulnerability an attacker
could craft some malicious JavaScript code containing a very long
string to be converted to a floating point number which would result
in improper memory allocation and the execution of an arbitrary memory
location. This vulnerability could thus be leveraged by the attacker
to run arbitrary code on a victim's computer (CVE-2009-1563).
Security researcher Jeremy Brown reported that the file naming scheme
used for downloading a file which already exists in the downloads
folder is predictable. If an attacker had local access to a victim's
computer and knew the name of a file the victim intended to open
3. *Vulnerability Description*
Windows Virtual PC and Microsoft Virtual PC 2007 are system
virtualization desktop applications from Microsoft used to run one or
many virtual hosts on a single physical system. Windows 7 relies on
Virtual PC technology to implement the backward compatibility XP Mode
for legacy Windows applications. Using XP Mode, Windows 7 users can run
Windows applications on a virtualized Windows XP SP3 operating system
directly from the Windows 7 desktop but in doing so they may be
SUMMARY
=======
Telartis's AWStats Totals program is vulnerable to command execution
and cross site scripting attacks. A remote attacker could exploit
these vulnerabilities to run arbitrary commands on the system with the
permissions of the web server.
AFFECTED SOFTWARE
=================